There is no industry that hackers won’t target as long as they have something to gain from it. All and any personally identifiable information has some value to someone on the Dark Web, whether it will be used for identity theft purposes, for an advanced targeted attack or for something else. Cyber criminals work tirelessly to breach systems in a variety of verticals, and it shows: In 2015, the Identity Theft Resource Center in the US tallied over 780 data breaches, amounting to the exposure of more than 169 million records.
That said, certain industries and verticals are far more likely to be victimized by cyber attackers than others by nature of the potential value of the data and other digital assets in their protection. In particular, any organization that has personally identifiable information is a highly prized target.
The top five of most frequently targeted industries:
1. Health care
According to Trend Micro’s comprehensive analysis of data breaches that took place between 2005 and 2015, health care came out ahead, representing the most highly targeted industry for data breaches.
When it comes to the theft of health care records, the loss of portable devices represented the biggest threat to sensitive information. As mobile devices develop into a mainstay across all industries, health care organizations will have their work cut out for them in ensuring that all end points have ironclad cyber security.
Interestingly, number two on Trend Micro’s list of most-breached industries was education. In this case, educational records were the sought-after loot, especially at the college and university levels. Trend Micro notes that many educational records contain personally identifiable information including contact information, Social Security numbers and more.
The number one cyber threat to education was hacking and malware. This makes sense given the high volume of computer users on any given day in a university setting. Students, staff and faculty may access any number of websites. They might check personal email accounts, update social media, shop online and even download music and other files. This would also partially explain why unintended exposure is the second most prominent cause of data breaches in education. If a system administrator, teacher or employee from the billing or financial aid office forgets to terminate a session, personally identifiable information can be rendered vulnerable as a result.
If there is a silver lining, it is that Trend Micro has noted a continual decline in the number of data breaches in education since 2010, which may be the result of hackers moving on to industries that have a higher probably for a hefty payday, for example, health care and government.
It is somewhat unexpected that the top cause of government-related data breaches was unintended exposure, followed shortly thereafter by lost portable devices. It’s well-understood that there are plenty of parties that could benefit from breaching government cyber security – foreign nation-states, militant groups, crime rings and much more. For this reason, the fact that many government cyber woes are the result of internal mistakes is especially alarming.
Trend Micro’s research highlights a very clear rise in the number of cyber attacks that have targeted retail over the last five years. Furthermore, hacking and malware represent nearly 50 percent of these data breaches. Hackers are going after the point of sale in an effort to capture credit card information, which can then be sold on the Dark Web.
A variety of tactics are being used to this end, and two of the chief culprits are memory-scraping malware and POS skimmers. The latter, according to Trend Micro, entails that rigging of payment processing units to steal credit card information. This is especially a problem for small and medium-sized businesses, which may be more likely to purchase payment processing systems from less-reputable vendors.
With the EMV chip-card technology (the standard in Europe) the cyber threats to the POS will hopefully become less prominent. EMV technology is not necessarily ironclad, but it is a significant step up in cyber security from magnetic stripes, and one that more retailers will take as 2016 unfolds.
Last but not least, financial sectors are highly targeted for obvious reasons. In addition to safeguarding money, financial institutions must also protect personally identifiable information. This includes contact information, Social Security numbers and more. Curiously, Trend Micro found that lost portable devices and other insider threats were some of the main sources of data breaches, highlighting the need for stronger enforcement policies to keep sensitive information secure.
However, Trend Micro also noted that hacking and malware that target financial institutions are not too far behind, and gaining. Phishing scams, for example, might be leveraged to get a customer to unwittingly expose their login information for an online banking account.
Now more than ever, comprehensive threat protection such as Deep Security from Trend Micro is absolutely necessary for organizations in finance and other highly targeted industries.